[ad_1]
Despite the data abuse of 87 million Facebook users due to the attitude of Cambridge Analytica consulting firm still a ghost in the closet of social networks, here is another problem this week, with a larger number of victims: about 120 million users.
But this time, the case seems to have been accidental. The researcher Inti De Ceukelaire released last Wednesday (27) that NameTests, a quiz app that was up until last month with a security flaw that, if exploited by someone with appropriate technical knowledge , could display user data that answered the quiz
SEE ALSO:
Ceukelaire reported to the Facebook data abuse reward program a flaw in the site behind the application . After answering the NameTests quiz, he noticed that the NameTests.com site was receiving information via the URL http://nametests.com/appconfig_user.
The researcher's personal data – such as full name, place, age and birthday– were in a JavaScript-based programming language that could be easily requested by any external site requesting it.
Depending on the quizzes you've done, JavaScript may disclose your Facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you have used during the last update of your information, your publications and your status, your photos and your friends.
that this would happen if you manually delete cookies because the site does not offer disconnect functionality, "he said in his message on the Medium platform.
SEE ALSO:
Although Facebook is By the risk researcher at the end of April for his rewards program, it took another month for the vulnerability to be fixed at June 25th.
Two days later, on June 27, Facebook informed De Ceukelaire who received $ 8,000 as part of his data abuse rewards program, but half of that amount, $ 4,000, was given by him to a charity: the winner of the Freedom of the Press Foundation There is still a lot of suspicion about Zuckeberg and this may be the reason
